Introducing Toopher and Duo Support for LastPass

We’re excited to announce that two new options join the family of multifactor authentication methods we support with LastPass! LastPass now supports Toopher and Duo, both of which can be run from your Android or iOS smartphone and are free for consumers.

We’ve talked up multifactor authentication over the last few years and especially in the last several months as it marks a growing trend in personal security. Multifactor authentication refers to the use of a second piece of information or a device that generates that information before allowing access to an account. By adding a second step, you’re requiring that two pieces of data be entered by a user – typically a username and password that the user knows, then a code or generated key that the user provides with a device or app. Adding multifactor authentication creates another barrier to entry, so that even a compromised password does not translate to a compromised account. By enabling multifactor authentication with your LastPass account, you’re significantly increasing the security surrounding the “hub” of your online life.

Toopher

To get started with Toopher:

Download the Toopher app from the app store on your device.

Start the app on your device.

Login to LastPass and launch your “settings” menu in the LastPass vault.

Click the “multifactor options” tab and select “Toopher”.

Switch Toopher to “enabled”, and enter the pairing phrase generated by the Toopher app on your mobile device. Select the “=” button on the Toopher app to generate this phrase.

Look for the “push notification” on your phone, and select “allow”.

Toopher is now enabled for your LastPass account. You can automate authentication by telling your mobile device to automatically log you in next time, by sliding the “automate when near here” slider. Toopher will automatically enable authentication for you when you’re in the same location logging in to the same computer.

Duo

To get started with Duo:

Download the Duo app from the app store on your device.

Start the app on your device.

Login to LastPass and launch the “settings” menu in the LastPass vault.

Click the “multifactor options” tab and select “Duo Security”.

Switch the status to “enabled” and select the link to enroll in Duo.

Enter your telephone number, and send yourself the text message.

Follow the steps to complete enrollment.

Once complete, ensure that you’ve also “updated” your LastPass settings.The next time you login to LastPass, Duo will send a “push notification” to your phone, and allow you to “approve” login.

Please, just add SMS/TEXT as an Multi factor method. It is much safer, and less of a hassle, I think. Google uses that method too. And I love it. No phishing site can send me the sms code, while it can ask me for the Google Authentication code.

Furthermore, the data from Apps can be stolen. I.e. the Google Authentication data (and others) can be stolen, while it would be far more difficult to intercept an sms/text message.

And last but not least. I switch phones a lot/ perfom factory resets/ change my phone ROM, etc. Every time I get locked out from Lastpass, because I don’t have the multifactor auth. app anymore (Google Authenticator/Toopher etc). This would not happen when Lastpass sends me a sms/text message.

If you print (or save it someway) QR code that is shown during enabling Goggle Authenticator, you can reinstall google authenticator on a new phone and use the same QR code to get 2FA back on a new phone. As for stolen data, if your phone is encrypted and not rooted, it’s not easy (if not impossible) to steal GA data from the phone.

I have been using Sesame as my Multifactor Authentication tool for the past couple of years and it’s been great. Love the additional layer of protection that it provides, and I’d never go back to Singlefactor Authentication now.

Recently changed to Duo as it makes sense since I always have my mobile phone with me and saves me carrying around my special USB drive. So far, it’s proven to be a fabulous combination. Takes only a couple of minutes to set up, and so far it’s been a dream to use.

As for a couple of the questions re: what if I lose my phone? That was my initial question / concern, as at least with Sesame I could deactivate it via my security email.

After a bit of sussing around, I found out that I can simply delete that phone from my Duo account and then use another mobile phone (an older NON-smart phone can also work) or even a landline (yes, a few of us still have one of these too at work or even home).

So the Lastpass and Duo combo seems pretty good. (Toopher also looks pretty good yet I have yet to try that one to comment.)

I absolutely love using LastPass. It’s the best and most convenient Password Manager I’ve used to date and in the past I have recommended accounts to friends and family.

Unfortunately as a non-US user, and in light of the NSA spying with secret gag orders etc, I no longer trust US-based services and so am in the process of removing my data and future business from US companies. Will be helping my friends and family move their accounts too.

LastPass will be one of the few services I will really miss and will be difficult to replace.

How do I add a second Toopher mobile app? I already authenticated on my iPad, now I want to add my Android smartphone. There is no way I can see to add it, even though Toopher explicitly said it supports multiple devices…

Toopher supports multiple devices like Android and iOS. We do not support multiple devices per account, yet. Sorry for the confusion. We are working on creating a good user experience around multiple devices per account.

I’ve been using the Google Authenticator Option for a year now, but I recently switch from Google’s own app to Duo and then to Authy. Authy lets you rename the authenticators, which is helpful when you have more than one Google or Lastpass account, plus has a great bluetooth option to copy codes from phone to computer seamlessly. I would love to see native Authy push as well, which as I understand it is like Duo (I could be wrong!).

The concept behind Toopher sounds great, but since I already use google authenticator for a few different accounts, I will probably not try toopher. It’s easier to keep everything using the same system.

Search

What is LastPass?

LastPass simplifies your online life by remembering your passwords for you. With LastPass to manage your logins, it's easy to have a strong, unique password for every online account and improve your online security. Get started today - it's free.

Subscribe

Archives

Translation

What is LastPass?

LastPass simplifies your online life by remembering your passwords for you. With LastPass to manage your logins, it's easy to have a strong, unique password for every online account and improve your online security. Get started today - it's free.